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CLAIMS 



What is claimed is: 



11. An virtual metropolitan area network (VMAN) architecture system comprising: 

2 a metropolitan area network (MAN) servicing at least one of a plurality of 

3 customers, each customer having at least one domain; 

4 a first switch capable of segregating data packets from a one of the plurality 

5 of customers into a VMAN, the VMAN servicing at least one of a plurality of 

6 domains, each domain being associated with the same one of the plurality of 

7 customers. 
1 

1 2. The VMAN architecture system of claim 1 , wherein segregating the data 

2 packets comprises: 

3 tagging a data packet from the at least one of the plurality of domains with a 

4 VMAN ID identifying the customer with which the domain is associated; and 

5 forwarding the tagged data packet to a second one of the plurality of domains 

6 associated with the same VMAN ID. 
1 

1 3. The VMAN architecture system of claim 2, wherein forwarding the tagged data 

2 packets further comprises: 

3 routing the tagged data packets to a second switch that forwards only those 

4 tagged data packets having a VMAN ID that matches a VMAN ID with which the 

5 second one of the plurality of domains is associated, to a destination host specified 

6 in the data packet. 



1 
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1 4. The VMAN architecture system of claim 1 , wherein the first switch is an edge 

2 switch located at the edge of the MAN. 
1 

1 5. The VMAN architecture system of claim 3, wherein the second switch is an 

2 edge switch located at the edge of the MAN. 
1 

1 6. The VMAN architecture system of claim 3, wherein the routing is performed by 

2 a core switch located in the core of the MAN. 
1 

1 7. The VMAN architecture system of claim 3, wherein the customer domain is 

2 comprised of at least one of a plurality of VLANs associated with the customer, and 

3 wherein a VLAN ID identifying the at least one VLAN is included in the data packet 

4 header. 
1 

1 8. The VMAN architecture system of claim 3, wherein the specification identifying 

2 the destination host in the data packet includes the VLAN ID. 
1 

1 9. The VMAN architecture system of claim 1 , wherein the switch is further 

2 capable of segregating data packets from a multiple of the plurality of customers into 

3 a second VMAN, the second VMAN providing to the multiple of the plurality of 

4 customers a common third-party service. 
1 

1 10. The VMAN architecture system of claim 6, wherein the common third-party 

2 service is a connection to an Internet Service Provider. 
1 



Yip et al. - Method and System for VMAN Protocol Layer-2 Packet Nested Encapsulation 
EV325527312US 

-16- 



Attorney Docket Ref: 00271 7.P029C 



1 11. The VMAN architecture system of claim 6, wherein the common third-party 

2 service is a connection to an Application Service Provider. 
1 

1 12. A method for a VMAN protocol comprising; 

2 receiving a data packet from a local customer domain at a local switch located 

3 at an edge of a MAN; 

4 adding a VMAN tag to the data packet at the switch, the VMAN tag comprising 

5 a type and an ID, the ID identifying a portion of the MAN associated with the local 

6 customer domain; 

7 receiving the tagged data packet at a remote switch located at another edge of 

8 the MAN; 

9 stripping the VMAN tag from the data packet at the remote switch; and 

10 forwarding the stripped data packet to a remote customer domain controlled by 



1 1 the remote switch, the remote customer domain matching the local customer domain. 
1 

1 13. The method of claim 12, wherein the local customer domain and the remote 

2 customer domain are comprised of hosts belonging to identical VLANs. 
1 

1 14. The method of claim 12, further comprising: 

2 routing the tagged data packet to the remote switch via a core switch in the 

3 MAN. 
1 

1 15. The method of claim 12 wherein the data packet received from the local 

2 customer domain is an 802. 1Q tagged frame. 
1 
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1 16. The method of claim 1 2 wherein the data packet received from the local 

2 customer domain is an untagged frame. 
1 

1 1 7. The method of claim 1 5, wherein adding the VMAN tag to the data packet 

2 comprises inserting the VMAN type and the VMAN tag between two well-known fields 

3 of the 802. 1Q tagged frame. 
1 

1 18. The method claim 17, wherein the first well-known field of the 802.1 Q tagged 

2 frame is the Media Access Control (MAC) source address, and the second well- 

3 known field of the 802. 1Q tagged frame is a VLAN type. 
1 

1 19. The method of claim 18, wherein the VLAN type is a hexadecimal value "8100" 

2 having a length of 2 bytes of 
1 

1 20. The method of claim 12, wherein the VMAN type is a hexadecimal value 

2 "8181" having a length of 2 bytes. 
1 

1 21 . The method of claim 1 2, wherein the VMAN ID is a hexadecimal value having 

2 a length of 2 bytes. 
1 

1 22. The method of claim 1 2, wherein adding the VMAN tag results in a tagged 

2 data packet having a length 4 bytes more than the length of the data packet received 

3 from the local customer domain. 
1 

1 23. An article of manufacture comprising a machine-accessible medium having 

2 stored thereon a plurality of instructions for processing a VMAN protocol, comprising: 
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3 receiving a data packet from a local customer domain at a local switch located 

4 at an edge of a MAN; 

5 adding a VMAN tag to the data packet at the switch, the VMAN tag comprising 

6 a type and an ID, the ID identifying a portion of the MAN associated with the local 

7 customer domain; 

8 receiving the tagged data packet at a remote switch located at another edge of 

9 a MAN; 

10 stripping the VMAN tag from the data packet at the remote switch; and 

1 1 forwarding the stripped data packet to a remote customer domain controlled by 



12 the remote switch, the remote customer domain matching the local customer domain. 
1 

1 24. The article of manufacture of claim 22, wherein the local customer domain and 

2 the remote customer domain are comprised hosts belonging to identical VLANs. 
1 

1 25. The article of manufacture of claim 22, further comprising: 

2 routing the tagged data packet to the remote switch via a core switch in the 

3 MAN. 
1 

1 26. The article of manufacture of claim 22, wherein the data packet received from 

2 the local customer domain is an 802. 1Q tagged frame. 
1 

1 27. The article of manufacture of claim 22, wherein the data packet received from 

2 the local customer domain is an untagged frame. 
1 
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1 28. The article of manufacture of claim 26, wherein adding the VMAN tag to the 

2 data packet comprises inserting the VMAN type and the VMAN tag between two well- 

3 known fields of the 802. 1 Q tagged frame. 
1 

1 29. The article of manufacture of claim 27, wherein the first well-known field of the 

2 802. 1Q tagged frame is the Media Access Control (MAC) source address, and the 

3 second well-known field of the 802. 1Q tagged frame is a VLAN type. 
1 

1 30. The article of manufacture of claim 22, wherein the VLAN type is a 

2 hexadecimal value of "8100" having a length of 2 bytes. 
1 

1 31 . The article of manufacture of claim 22, wherein the VMAN type is a 

2 hexadecimal value of "8181" having a length of 2 bytes. 
1 

1 32. The article of manufacture of claim 22, wherein the VMAN ID is a hexadecimal 

2 value having a length of 2 bytes. 
1 

1 33. The article of manufacture of claim 22, wherein adding the VMAN tag results in 

2 a tagged data packet having a length 4 bytes more than the length of the data packet 

3 received from the local customer domain. 
1 
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